re-generate ssh certificates when machine name or domains changes

Jörg Thalheim
2024-12-25 14:26:22 +01:00
committed by Mic92
parent 862aef73eb
commit a04e251f96


@@ -7,10 +7,12 @@
let
stringSet = list: builtins.attrNames (builtins.groupBy lib.id list);
domains = stringSet config.clan.sshd.certificate.searchDomains;
signArgs = builtins.concatStringsSep " " (
builtins.map (domain: "-n ${lib.escapeShellArg "${config.clan.core.machineName}.${domain}"}") (
stringSet config.clan.sshd.certificate.searchDomains
)
builtins.map (
domain: "-n ${lib.escapeShellArg "${config.clan.core.machineName}.${domain}"}"
) domains
);
cfg = config.clan.sshd;
in
@@ -51,6 +53,10 @@ in
"openssh"
"openssh-ca"
];
validation = {
name = config.clan.core.machineName;
domains = lib.genAttrs config.clan.sshd.certificate.searchDomains lib.id;
};
runtimeInputs = [
pkgs.openssh
pkgs.jq
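Review bot: Nothing visible in these hunks handles an empty `searchDomains`: `signArgs` then expands to an empty string, and by default ssh-keygen issues a certificate valid for all hosts when no `-n` is given, while the new `validation` block simply records `domains = { }`. If the generator is not already gated on a non-empty list elsewhere in the file (its body continues past the hunk), a NixOS `assertions` entry requiring at least one search domain would stop such a certificate from being signed. It is also worth confirming that the repeated `-n` flags built by `signArgs` place every domain in the certificate, since ssh-keygen documents `-n` as a single comma-separated list. For consistency with `signArgs`, the validation could reuse the deduplicated binding from the `let` block: `domains = lib.genAttrs domains lib.id;`. Regeneration presumably does not invalidate the certificate issued for the old name, so a comment noting that it stays trusted until it expires would help operators who rename a machine.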